PT-2019-7549 · E107 · E107

Published: 2019-05-24 · Updated: 2019-05-29 · CVE-2016-10753

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

e107 version 2.1.2

Description

The issue allows PHP Object Injection, which can result in SQL injection. This is because the usersettings.php file uses the unserialize function without an HMAC.

Recommendations

For e107 version 2.1.2, consider updating to a version where the unserialize function is properly secured, or as a temporary workaround, restrict access to the usersettings.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
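
The description attributes the issue to unserialize being called without an HMAC. The following added example (not e107 code and not part of the original advisory) shows the general pattern of authenticating a serialized value before deserializing it. The helper names seal_value and open_value, the key handling and the sample array are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not e107 functions. $key is a server-side secret
// that is never sent to the client.

function seal_value(array $data, string $key): string
{
    $payload = base64_encode(serialize($data));
    $mac = hash_hmac('sha256', $payload, $key);
    return $mac . '.' . $payload;
}

function open_value(string $sealed, string $key): ?array
{
    $parts = explode('.', $sealed, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$mac, $payload] = $parts;
    $expected = hash_hmac('sha256', $payload, $key);
    // Constant-time comparison; reject before unserialize() is reached.
    if (!hash_equals($expected, $mac)) {
        return null;
    }
    $raw = base64_decode($payload, true);
    if ($raw === false) {
        return null;
    }
    // Defence in depth: do not instantiate any class from the payload.
    $data = unserialize($raw, ['allowed_classes' => false]);
    return is_array($data) ? $data : null;
}

// Constructed sample data.
$key = random_bytes(32);
$sealed = seal_value(['user_id' => 7, 'theme' => 'bootstrap'], $key);

// Value exactly as issued by the server.
var_dump(open_value($sealed, $key));

// Payload replaced by the client while reusing the old MAC.
[$mac, $payload] = explode('.', $sealed, 2);
$tampered = $mac . '.' . base64_encode(serialize(['user_id' => 1]));
var_dump(open_value($tampered, $key));
```

The MAC check must come before unserialize, since object instantiation and magic methods run during deserialization itself; the allowed_classes option requires PHP 7.0 or later.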

Exploit

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2016-10753

Affected Products

E107